Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2641 | 1 Moodle | 1 Moodle | 2017-08-15 | 7.5 HIGH | 9.8 CRITICAL |
In Moodle 2.x and 3.x, SQL injection can occur via user preferences. | |||||
CVE-2017-7221 | 1 Opentext | 1 Documentum Content Server | 2017-08-15 | 6.5 MEDIUM | 8.8 HIGH |
OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | |||||
CVE-2017-12567 | 1 Quest | 3 K1000 As A Service, Kace Asset Management Appliance, Kace Systems Management Appliance | 2017-08-15 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. | |||||
CVE-2017-12650 | 1 Loginizer | 1 Loginizer | 2017-08-15 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header. | |||||
CVE-2017-12585 | 1 Slims | 1 Akasia | 2017-08-14 | 6.5 MEDIUM | 8.8 HIGH |
SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users. | |||||
CVE-2017-7952 | 1 Infor | 1 Enterprise Asset Management | 2017-08-12 | 6.5 MEDIUM | 8.8 HIGH |
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. | |||||
CVE-2017-8835 | 1 Peplink | 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more | 2017-08-12 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. | |||||
CVE-2017-9418 | 1 Goldplugins | 1 Testimonials Plugin Easy Testimonials | 2017-08-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. | |||||
CVE-2017-9429 | 1 Event List Project | 1 Event List | 2017-08-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. | |||||
CVE-2017-9603 | 1 Intensewp | 1 Wp Jobs | 2017-08-12 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. | |||||
CVE-2016-7508 | 1 Glpi-project | 1 Glpi | 2017-08-11 | 6.0 MEDIUM | 7.5 HIGH |
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding. | |||||
CVE-2015-2798 | 1 Web-dorado | 1 Contact Form Maker | 2017-08-10 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2017-11383 | 1 Trendmicro | 1 Control Manager | 2017-08-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. | |||||
CVE-2017-11384 | 1 Trendmicro | 1 Control Manager | 2017-08-07 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. | |||||
CVE-2008-4991 | 1 Ec-cube | 1 Ec-cube | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter. | |||||
CVE-2008-5055 | 1 Activecampaign | 1 Triolive | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php. | |||||
CVE-2008-5057 | 1 Aspindir | 1 Dizi Portali | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-5064 | 1 H&h | 1 Websoccer | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-5122 | 1 Ektron | 1 Cms4000.net | 2017-08-07 | 7.5 HIGH | N/A |
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter. | |||||
CVE-2008-5165 | 1 Eticket | 1 Eticket | 2017-08-07 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php. |